METHOD FOR ACCESSING A DATA PROCESSING SYSTEM

BACKGROUND 

[0001] A method for accessing a data processing system is provided.

[0002] According to the prior art, data processing systems are composed of a multiplicity of data processing units. It is widely known, for example, that personal computers, computer-controlled equipment, servers and the like are networked to one another to exchange data. Each data processing unit is assigned a restricted number of users. In order to prevent unauthorized use of a data processing unit, each user has a personal password. A user proves his authentication by inputting the password and receives access to the data processing system.

[0003] In medical facilities, data processing systems are complex. Diagnostic and analytical devices are components of such medical facility data processing systems. These devices must always be kept in a satisfactory functional state. A system technician generally requires access to the data processing system for maintenance and repair of these devices. A continuous problem is that the system technician can under certain circumstances receive access to personal patient data when accessing the data processing system. According to data protection law, such a data processing system can only be accessed according to the two man principle, i.e. only by two authorized persons at the same time. In practice, this is virtually impossible to implement. If there is a functional fault in a data processing system, immediate remedy is generally necessary and in some cases two authorized system technicians that are sufficiently qualified to deal with the functional fault are not always available at the same time.

[0004] DE 101 21 819 A1 discloses a method in which a doctor is provided with access to patient-specific data only after the doctor reads in a first chip card assigned to him and the patient, who is present at the same time, reads in a second chip card that belongs to him, into the data processing device at the doctor's surgery (station), for the purpose of authentication.

SUMMARY

[0005] The object of the invention is to specify a method which permits access, which ensures control over the data by a system administrator, to a data processing system only according to the two man principle.

[0006] This object is achieved by means of the features of claim 1. Expedient refinements of the method result from the features of claims 2 to 13.

[0007] A method for accessing a data processing system that is formed from data processing units which are networked to one another for the exchange of data is provided. The method includes: providing a first authentication means (9) that authenticates a system administrator; authenticating the system administrator on a first data processing unit by transferring the first authentication means to an authentication program; providing a second authentication means that authenticates a system technician; authenticating the system technician on a second data processing unit by transferring the second authentication means to the authentication program and resulting automatic generation of an identification information item that identifies the carrier of the second authentication means; displaying the identification information item on the first data processing unit of the system administrator; and enabling access authorization to the system technician and automatic triggering of a function that generates and stores a log file that logs the activity of the system technician on the data processing system.

[0008] According to the inventive method

[0009] The system technician is not provided with access to the data processing system until after a second authentication means that is assigned to him has been transferred. The enabling of such access is documented by the generation of an identification information item and is displayed on the first data processing unit of the system administrator. A log file that logs the activity of the system technician, by reference to which the intervention by the system technician can be tracked, for example by the system administrator, is also generated. This ensures that the system administrator always has control over the data. The generated log files make it possible for him to check whether a system technician has access to data without authorization. In this case, the system administrator can immediately block any further access to the data processing system for the respective system technician. Thus, access to a data processing system is made possible according to the two man principle. It is advantageous that access can take place only if the system administrator has knowledge of the system technician that is active on the data processing unit.

[0010] The term "access" is understood to mean any activity during which the data stock (stack) of a data processing system is inspected, changed or copied in its entirety or partially. A "data processing unit" is a device that is connected, for the exchange of data, to other devices that are suitable for the exchange of data. These devices usually have a bidirectional interface and can be a personal computer, computer-controlled systems, computer-controlled devices or the like.

[0011] The term "system administrator" is understood to refer to a person who has particular rights with respect to the management and maintenance of the data processing system. In contrast to a system technician, the system administrator is able to permit or block access to the data processing system. This possibility is assigned to the system administrator in particular by means of the first authentication means.

[0012] In order to authenticate the system technician, the second authentication means can be compared by the authentication program by accessing a file containing a verified, second authentication means. When there is correspondence with the verified, second authentication means, a corresponding information item is transferred to the system administrator. A "verified, second authentication means" is understood to be a copy of the second authentication means that has been transferred to the system technician. This copy is managed by the system administrator in a file that only he can access. In order to access the data processing system, the system administrator transfers a particular, second authentication means to each system technician. In order to facilitate the checking of the authenticity of the second authentication means, these are stored together in the file. If the authentication program detects that an access request is present on the basis of a second authentication means which is identical to a verified, second authentication means, this is indicated to the system administrator by means of a suitable information item. Each verified, second authentication means contained in the file is advantageously assigned an identification information item which is specific thereto. This information item can be, for example, the name and the membership of the system technician of a specific organization. If the second authentication means corresponds to a verified, second authentication means which is stored in the file, the name and the organization of the system technician can therefore be additionally displayed to the system administrator.

[0013] The first authentication means, the second authentication means, or both are an authentication code that can be transferred to the authentication program, preferably by means of a keypad provided on a data processing unit. In order to increase security, it is expedient for the authentication code to be stored in a mobile memory unit that can be connected to the data processing system for the transmission of data. The memory unit may be an authentication card that is provided with a data carrier. The authentication card can have a memory means, in particular for storing the log file, an information item that permits access to the log file, or both. The information item can be, for example, a "link" which can be used to locate and open the log file.

[0014] In order to increase the security, the enabling of an access authorization is done via the system administrator by manually triggering a function that is provided for this purpose in the authentication program, and can be accessed exclusively by the system administrator. This ensures that access occurs only with the active consent of the system administrator. However, it may also be the case that access is automatically granted to the system technician after automatic checking of the second authentication means. In this case also, a log file is produced automatically. This permits access to data processing systems that have to be kept functionally available without interruption, for example, a medical data processing system.

[0015] Provision is made for the connection between the first data processing unit and the second data processing unit to be established via the Internet or via an intranet. This permits access by the system technician from a remote second data processing unit. It is thus possible for a system technician who has optimum qualifications for the respective problem to access the data processing system at any time, i.e. irrespective of his location. This permits rapid and effective elimination of functional faults. Thus, the authenticity of the accessing system technician is ensured and his activity is logged. The access by the system technician also satisfies the two man principle. A data processing system enables an individual person to process data that normally can be accessed only after particular authorization or only by persons with a simple authorization according to the two man principle when the particular authorization is not present. Proof of the particular authorization is expediently given by transferring a third authentication means, assigned to the person, to the data processing system. For example, a doctor may be given authorization to access patient data or personal data that requires protection.

DRAWINGS

[0016] Exemplary embodiments will be explained in more detail below with reference to the drawings, in which:

[0017] Figure 1 shows a schematic overview of a method for accessing data.

[0018] Figure 2 shows the essential features of an authentication program.

DETAILED DESCRIPTION OF THE DRAWINGS AND THE 
PRESENTLY PREFERRED EMBODIMENTS 

[0019] Fig. 1 is a schematic view of a first data processing unit 1, for example a personal computer. The first data processing unit 1 is a component of a first networked data processing system D1 that comprises further data processing units. The further data processing units may be, for example, computer-controlled devices 2 or personal computers 3. The first data processing unit 1 is assigned to a system administrator 4 who has data authorization over the first data processing unit D1. The system administrator 4 is authorized in particular to assign roles and rights to users of the first data processing system D1 using a first program 5. Such roles and rights permit the respective user only to have access to the data which is necessary for his area of work. The users can access such data at any time, for example, even if the system administrator 4 is not logged into the first data processing system D1.

[0020] The first data processing system D1 is logged into a second data processing system D2 of a service organization via a data line which is protected with a firewall 6. The connection can be established, for example, via the Internet or an intranet. The second data processing system D2 comprises a second data processing unit 7, for example, a personal computer that is assigned to a system technician 8.

[0021] The first data processing unit 1 has, for its authentication, a first memory card 9 on which a first authentication code is stored. The first authentication code is made available by reading it out with a suitable reading device of the first data processing system D1. The second data processing unit 7 has, for its authentication, a second memory card 10 on which a second authentication code is stored. The second authentication code can be read out and the first data processing system D1 can be allowed to access the second authentication code by means of a suitable reading device. The reading unit for reading out the second memory card 10 does not need to be a component of the first data processing system D1. It can be a component of the second data processing system D2. In this case, the authenticity of the second authentication code can be checked by a second program 11 that is provided in the second data processing system D2, before an attempt is made to access the first data processing system D1.

[0022] An example of the function of the device is as follows:

[0023] An IT manager 12 who is responsible for the first data processing system D1 and a service organization or the system technician 8 form and agree to a service contract. After the service contract has been finalized, the IT manager 12 sends a second memory card 10 with the second authentication code stored on the second memory card 10 to the system technician 8.

[0024] In a first maintenance or repair situation, the system administrator 4 requests a service from the service technician 8 by a telephone call or by e-mail. This may be a service that can be performed from the second data processing unit 7. In this case, the service technician 8 transfers the second memory card 10 to a reading device that is provided at the second data processing unit 7. As a result, the second authentication code that authenticates the service technician 8 within the second data processing system D2 is transferred to the second program 11. The second authentication code is checked. If the second program 11 recognizes the second authentication code as authentic, a connection is established to the first data processing system D1 via the data line. The desired access is checked by the first program 5. It is initially checked whether the first memory card 9 is inserted into a reading device, for example, at the first data processing unit 1. If it is not inserted into a reading device, access by the system technician 8 is not allowed. If access to the first authentication code that is stored on the first memory card 9 is possible in order to authenticate the system administrator 4, the second authentication code is compared with a multiplicity of second authentication codes that are stored in a file. If the second authentication code is recognized as not authentic, the system technician 8 is not allowed access. If the second authentication code is recognized as being authentic, a log function is triggered. At the same time, the system technician 8 is provided with access to the first data processing system D1. As long as the service technician 8 accesses the first data processing system D1, all the changes, supplements and the like to the data stock (stack) of the first data processing system D1 are logged. As soon as the system technician 8 has concluded his activity and has logged off, the log file is closed.

[0025] The log file advantageously contains the log of all the changes, supplements and the like to the data stock (stack) of the first data processing system D1. The log file also includes the following information: name of the system technician, name of the service organization, login/logout time, method of access, and, if appropriate, identification of the data processing unit used for access.

[0026] In a second maintenance or repair situation, the system administrator requests a service which is to be carried out in situ from the service technician 8 by a telephone call or by e-mail. The service requests may comprise, for example, exchanging a module on an X-ray computed tomograph in a hospital. In this case, the service technician 8 logs in on a suitable data processing unit of the first data processing system D1 using the second memory card 10. In this case, access is possible only if the system administrator 4 is logged into the first data processing system D1 at the same time using the first memory card 9.

[0027] The system administrator 4 can interrupt the activity of the system technician 8 at any time by interrupting the access to the first authentication code, which interrupts the access of the system technician 8 to the first data processing system D1. This may be done, for example, when the system administrator 4 removes the first memory card 9 from the respective reading device. Accordingly, the system administrator 4 always keeps control over the data. Furthermore, using the automatic logging function makes it possible to track all the activities of the system technician 8. The system administrator 4 may block access of the system technician 8 to the first data processing system D1 if there is any misuse of the data. To block access, the respective second authentication code that is stored in the file must merely be removed or changed.

[0028] With the proposed method, access by the system technician 8 to the data stock (stack) of the first data processing system D1 is possible according to the two man principle; for example, such access always occurs under the control of the system administrator 4. To this extent, unauthorized access by the system technician 8 to personal data which requires protection, for example patient data, can always be prevented.
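
The access check, logging and blocking steps of paragraphs [0024] to [0027], modelled in Python as an added example that is not part of the specification. The class name AccessModule, its method names, and the code value, technician name and unit label are assumptions made for illustration.

```python
import hmac
from datetime import datetime, timezone

def _now():
    return datetime.now(timezone.utc).isoformat()

class AccessModule:
    """Hypothetical model of the access check and logging in [0024]-[0027]."""

    def __init__(self, verified_codes):
        # The administrator's file: code -> (technician name, organization).
        self.verified = dict(verified_codes)
        self.admin_card_present = False
        self.open_logs = {}     # technician name -> log file being written
        self.closed_logs = []   # finished log files for later review

    def insert_admin_card(self):
        self.admin_card_present = True

    def remove_admin_card(self):
        # Removing the first memory card interrupts every open session.
        self.admin_card_present = False
        for name in list(self.open_logs):
            self.logout(name, reason="administrator card removed")

    def request_access(self, code, unit, method):
        # No access unless the first authentication code is readable.
        if not self.admin_card_present:
            return None
        # Compare with every stored code, each in constant time.
        ident = None
        for stored, who in self.verified.items():
            if hmac.compare_digest(stored.encode(), code.encode()):
                ident = who
        if ident is None:
            return None
        # Trigger the log function at the moment access is granted.
        name, org = ident
        self.open_logs[name] = {
            "technician": name, "organization": org, "unit": unit,
            "method": method, "login": _now(), "logout": None, "changes": []}
        return ident  # identification item displayed to the administrator

    def record_change(self, name, description):
        if name not in self.open_logs:
            raise PermissionError("no active session for " + name)
        self.open_logs[name]["changes"].append((_now(), description))

    def logout(self, name, reason="technician logged off"):
        log = self.open_logs.pop(name)
        log["logout"], log["closed_because"] = _now(), reason
        self.closed_logs.append(log)

    def revoke(self, code):
        # Blocking further access: remove the stored code from the file.
        self.verified.pop(code, None)

def demo():
    # Constructed sample data: the code, names and unit label are invented.
    am = AccessModule({"T-CODE-0001": ("A. Example", "Example Service Org")})
    no_admin = am.request_access("T-CODE-0001", "unit-7", "remote")
    am.insert_admin_card()
    ident = am.request_access("T-CODE-0001", "unit-7", "remote")
    am.record_change("A. Example", "replaced calibration table")
    am.remove_admin_card()      # session is interrupted, log file closed
    am.insert_admin_card()
    am.revoke("T-CODE-0001")
    revoked = am.request_access("T-CODE-0001", "unit-7", "remote")
    return no_admin, ident, am.closed_logs, revoked
```

The closed log carries the fields listed in paragraph [0025], so the administrator can review a session after it ends.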

[0029] Fig. 2 is a schematic view of the essential components of the first program 5. UI1 is a first user interface for access by the first data processing system D1, and UI2 is a second user interface for access, for example, via the data line.

[0030] An access module 13 permits or blocks access for a system technician 8 to the first data processing system D1. The access module 13 manages and compares, in particular, authentication codes.

[0031] The first program 5 can advantageously have further modules that facilitate maintenance, repair work, or the combination thereof, on the first data processing system D1. It is thus possible, for example, for a localization module 14 to be provided that detects at which data processing unit a qualified system technician 8 is currently active, and at which he can be called if necessary.

[0032] The logging module 15 logs the activity of the system technician 8. The logging module 15 creates log files that are produced and stored at a predefined location.

[0033] An anonymization module 16 serves to anonymize personal data that requires protection. For example, it is possible to replace names of patients by codes so that, in accordance with the data protection regulations, a system technician 8 is prevented from viewing personal data.

[0034] Auxiliary modules 17, 18 give a description of the functions of the first program 5 that are necessary for the system administrator 4 and the system technician 8. A modality module 19 permits data to be exchanged, for example, with computer-controlled devices such as X-ray computed tomographs. An IT system module 20 permits data to be exchanged with databases. An operating system module 21 provides the necessary conditions for correct integration of the first program 5 into the respectively used operating system.

[0035] While the invention has been described above by reference to various embodiments, it should be understood that many changes and modifications can be made without departing from the scope of the invention. It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention.